PRIVACY AND DATA PROTECTION POLICY

(the “Policy”)

1. PRIVACY POLICY STATEMENT

1.1. One Game Foundation Ltd. (UEN: 201810158R) (the “Company”, “we”, “our” or “us”) respects your legal
rights to personal data protection when we collect, transfer, store, or access your personal data.

1.2. This Policy outlines the Company’s practices in relation to the collection, storage, use, processing and
disclosure of personal data (as defined under the Personal Data Protection Act 2012 (“PDPA”) through our
website located at http://one.game/privacy.pdf (the “Website”).

1.3. By visiting, accessing, or using the Website, you (“User”, “you”, or “your”) have indicated that you are at
least eighteen (18) years old, have the legal capacity to consent to this Policy, and to agree to be bound by
the policies and practices of this Policy in their entirety. This Policy sets out the following:

(a) The types of personal data being collected and the sources from which we collect such personal data;

(b) The purposes for collection, use and disclosure of personal data;

(c) Disclosure of personal data;

(d) Care of personal data (accuracy, protection, retention and transfer); and

(e) The process by which we receive and respond to any feedback that may arise with respect to the
collection, storage, use, processing and disclosure of personal data.

1.4 This Policy may be amended from time to time and we will provide notice of such amendments by posting
the revised Terms on the Website (and changing the “Updated on” date reflected in the top left-hand corner
of this page).

1.5 We will comply with the PDPA and other applicable data protection and privacy laws, such as the European
Union General Data Protection Regulation (“GDPR”).

2. COLLECTION OF PERSONAL AND OTHER INFORMATION

2.1. Non-Personal Data: If the User chooses to use the Website, the User consents to allowing the Company to
collect information about the User’s activities and trends through the Website. Such information may include
(a) Device Information: Information that is automatically collected about your device, such as, but not limited
to, your browser’s name and technical information about your means of connection to the Website, in
particular hardware, operating system, browser, among other similar information; (b) Location Information:
Information that is automatically collected via analytics systems providers to determine your location,
including your IP address or domain name or both and any external page that referred you to us; (c) Log
Information: Information that is generated by your use of the Website that is automatically collected and
stored in our server logs. This may include, but is not limited to, device-specific information, location
information, system activity and any internal and external information related to the Website that you visit;
and (d) Account Information: Information that is generated by your account activity on the Website including,
but not limited to, purchase activity, trading activity, deposits, withdrawals, and account balances. This
information is aggregated to provide statistical data about our users' browsing actions and patterns, and
does not personally identify individuals.

2.2. The User expressly agrees and acknowledges that the Company shall collect and store the User’s personal
information (whether you are a EU resident or not) from which that User can be identified (“User
Information”). Such User Information does not include data where the identity of the Users has been
removed (anonymous data). Statistical or demographic data, such as to provide better content and services,
may be derived from your personal information but if anonymized, is not considered personal data for the
purposes of the PDPA or under any applicable law because this data does not directly or indirectly reveal
your identity. User Information may include but not limited to the following:

(a) User’s name, email address, residential address, birth date, nationality, passport, driver’s license or any
government issued ID username or similar identifier and an encrypted version of your login/password;
(b) Transaction data that occurs on the blockchain and details about payment to and from you and other

Page 1 of 7
 details of products and services you have purchased on the Website; and
(c) Data in relation to your preferences in receiving marketing and communication from us and our third
parties.

2.3. Such User Information may come within the meaning of “personal data” as defined in the PDPA and as used
in this Policy. The User acknowledges that your User Information may be used by the Company to provide
services and features targeted at the User, that are most likely to meet the User’s needs, and to customise
and improve the Website and the experiences of you and other users of the Website (but these other users
will not see or have access to your User Information).

2.4. In addition, the definition of personal data under the GDPR may be wider than that under the PDPA or other
privacy laws, and includes sensitive personal information, such as your race, ethnicity, religion and any
medical condition you may have. For the purposes of our Know-Your-Customer (“KYC”) checks, we may
have obtained information about your race and ethnicity as well as other details that may have been
contained in the KYC documents you had provided to us, such as the copy of your passport

2.5. The User is aware that any and all information pertaining to the User collected by the Company, whether or
not directly provided by the User to the Company (via the Website or otherwise), including but not limited to
personal correspondence such as emails or letters, instructions from the User relating to the services
offered on the Website, or communications between the User and other users, as well as information that
you provide to us in correspondence with respect to ongoing customer support may be collected and
compiled by the Company and you hereby expressly consent to the same.

2.6. Cookies: The Company collects data by way of ‘cookies’. Cookies are small data files which are sent to the
User’s browser from the Website and are stored on the User’s computer or device (hard drive). The cookies
shall not provide access to data in the User’s computer or device (hard drive), such as email address or any
other data that can be traced to the User personally. The data collected by way of cookies will allow us to
administer the Website and provide a tailored and user-friendly service to the Users. Information collected
from cookies is used by us to evaluate the effectiveness of the Website, analyse trends, and administer the
Website. The information collected from cookies allows the Company to determine such things as which
parts of the Website are most visited and difficulties our visitors may experience in accessing the Website.
With this knowledge, the Company aims to improve the quality of the User’s experience on the Website by
recognising and delivering the most desired features and information. In addition to cookies, the Company
may also use a technology known as web bugs or clear gifs, which are typically stored in emails to help
confirm receipt of, and response to, the emails sent by the Company and to provide the User with a
personalised experience while accessing the Website. You agree to the use of cookies by continuing to use
the Website and any platform operated by the Company.

2.7. The cookies shall enable the Users to access certain features or services of the Website. Most web browsers
and devices can be set to notify when a User receives a cookie or to prevent cookies from being sent; if the
User accepts such features, it may limit the functionality that the Company can provide when a User visits
the Website.

2.8. We may also collect or otherwise be provided with User Information about you from third parties whose
websites you visit or whose services you use, including as social media platforms, where You may have
authorized such websites and platforms to collect and share your User Information.

3. USE OF THE INFORMATION COLLECTED

3.1. We may use the User Information to:

(a) Provide the User with the use of the Website and the services offered on the Website, including
customer support and marketing materials for the Token Sale (as defined in the Terms of Sale
accessible at http://one.game (the “Terms of Sale”));

(b) Optimise and enhance the Website or any websites or platform operated by the Company or its
affiliates, for all users, or for you specifically;

(c) Conduct anti-fraud, anti-money laundering and countering of terrorist financing (“AML/CFT”), and
identity verification and authentication KYC checks (you authorise the Company to share your
information with our third-party service providers, when applicable, who may also conduct their own

Page 2 of 7
 searches about you);
(d) Monitor the usage of the Website, and conduct automated and manual security checks of our service;
and

(e) Create aggregated and anonymised reporting data about the Company.

3.2. The Company will handle personal data appropriately, in line with the circumstances and in accordance with
applicable law in Singapore, including the PDPA. If any intended use of personal data will go beyond the
purposes envisioned during collection, the Company will notify Users of the new purpose(s) and seek
consent to use their personal data for such purpose(s).

3.3. If you are an EU resident, we are required to disclose the legal basis for processing your data under the
GDPR. We will use data as described in the following paragraphs.

3.4. If you purchase OGT from us on the Website, we will obtain the relevant information about you for our KYC
checks. In accordance with the Terms of Sale we will use the data to:

(a) process and assist you with any transaction related to the sale and purchase of the in-game
cryptocurrency of the Company, the “OGT” as outlined in the Terms of Sales;

(b) notify you about any changes to our services and products; and

(c) conduct on going-fraud AML/CFT, and identity verification and authentication KYC checks (and you
authorise the Company to share your information with our third-party service providers, when applicable,
who may also conduct their own searches about you).

3.5 As it is in our interests to be responsive to you, to provide customised services and marketing and to ensure
the proper functioning of our services and organisation, we will use your data to:

(a) improve the Website and to ensure content from the Website is presented in the most effective manner
for you and your device;

(b) administer the Website and for internal operations, including troubleshooting, data analysis, testing,
research, statistical and survey purposes;

(c) monitor and record calls for quality, training, legal compliance, analysis and other related purposes in
order to pursue our legitimate interests and to improve service delivery;

(d) send you surveys by email or other forms of communication, including notifications on your social media
platforms. You can opt-out of receiving these surveys at any time by contacting us;
(e) respond to your enquiries, requests or feedback;

(f) enforce our terms, conditions and policies;

(g) allow you to participate in interactive features of the Website, when you choose to do so;

(h) customise our products and services to you, including by responding to and catering for your customer
preferences;

(i) personalise the content you see on our Website;

(j) keep the Website safe and secure;

(k) aggregate your and other customer’s User Information into anonymised statistical data (such as number
of players in a game), which we will use for statistical analysis so that we can better understand Users’
profile and improve service offering;

(l) to customise our marketing. You may choose to notify the Company to stop sending you targeted or
customized marketing materials.

4. SUBMISSIONS

Page 3 of 7
4.1. We cannot agree to obligations of confidentiality or nondisclosure with regard to any unsolicited information
the User submits to us, regardless of the method or medium chosen. By submitting unsolicited information or
materials to us or the Company’s service providers, you or anyone acting on your behalf, agree that any
such information or materials will not be considered confidential or proprietary.

4.2. We do not provide any facility for sending or receiving private or confidential electronic communications. You
should not use the Website to transmit any communication for which you intend only for you and the
intended recipient(s) to read. Notice is hereby given that all messages and other content entered using the
Website can and may be read by us, regardless of whether we are the intended recipients of such
messages. Nevertheless, access to messages and other content will be accessible only by the authorised
personnel of the Company and its service providers that reasonably need such access.

5. SECURITY AND RETENTION OF PERSONAL INFORMATION

5.1. We protect the personal data in our possession or under our control by making reasonable and practical
security arrangements to protect the User’s personal information from unauthorised access, collection, use,
disclosure, copying, modification, disposal or similar. Unfortunately, however, no data transmission over the
internet or data storage system can be guaranteed to be completely secure.
5.2. The User agrees and acknowledges that the above-mentioned measures do not guarantee absolute
protection and by accessing the Website, the User agrees to assume all risks associated with disclosure of
personal information arising due to breach of firewalls and secure server software.

5.3. The Company undertakes to review the security measures from time to time in light of new and relevant legal
and technical developments.

5.4. The User is aware that personal data may continue to be stored and retained by the Company for the period
necessary to carry out the purposes outlined in this Policy unless a longer retention is required under
applicable law or until it is no longer necessary for any other legal or Company purposes (whichever is later).

6. DISCLOSURE OF PERSONAL INFORMATION

(a) in order to carry out the purposes for which such personal data was collected; or

(b) where the User has consented; or

(c) where permitted under the PDPA or other applicable law or;

(d) if required by applicable law, including the reporting of suspicious transactions to the authorities in any
jurisdiction.

6.2. You should be aware that Ethereum and other cryptocurrencies are not necessarily truly anonymous.
Generally, anyone can see the balance and transaction history, public keys of any address on the Ethereum
blockchain. We, and any others who can match your public address to other information about you, may be
able to identify you from a blockchain transaction. This is because, in some circumstances, information
published on a block chain (such as your public key and IP address) can be correlated with information that
we and others may have. This may be the case even if we, or they, were not involved in the blockchain
transaction. Furthermore, by using data analysis techniques on a given blockchain, it may be possible to
identify other information about you. As part of our security, anti-fraud, AML/CFT or identity verification and
authentication checks, the Company may conduct such analysis to collect and process such information
about you. You acknowledge and agree to allow us to perform such practices.

7. THIRD PARTY USER EXPERIENCE IMPROVEMENT SERVICES

7.1. The Company may use third party services and applications to better understand the behaviour of the Users of
the Website. Where your consent has been provided, the personal data you provide to us may be transferred to
third parties as may be advised to you, either within or outside Singapore, as may be necessary for any of the
purposes stated above. Our contracts with these third parties will include the necessary provisions to safeguard
the personal data that is being transferred to them.

7.2. A User’s relationship with these third parties and their services and tools is independent of the User’s
relationship with the Company. These third parties may allow the User to permit or restrict the information

Page 4 of 7
 that is collected and it may be in the User’s interest to individually restrict or enable such data collections.
The place of processing depends on each third party service provider and the User may wish to check the
privacy policy of each of these service providers to identify how much data is shared and why.

7.3. If you are an EU resident, and if we do store any of your data in the European Economic Area (“ EEA”), when
we transfer the data outside the EEA under this paragraph 7, this is done either on the basis that it is
necessary for the performance of the services provided to you by the Company, or that the transfer is subject
to the applicable laws in the EU or under the GDPR.

8. THIRD PARTY AUTHENTICATION SERVICES

8.1. The Company may use third party authentication services. In such cases, we may be privy to, granted
access to, , or store, certain data available with these third parties for registration and identification purposes.

8.2. The place of processing depends on each third party service provider and you may wish to check the privacy
policy of each of these service providers to identify how much data is shared and why.

8.3. If you are an EU resident, and if we do store any of your data in the EEA, when we transfer the data outside
the EEA under this paragraph 8, this is done either on the basis that it is necessary for the performance of
the services provided to you by the Company, or that the transfer is subject to the applicable laws in the EU
or under the GDPR.

9. THIRD PARTY LINKS

9.1. We may, at our discretion, include third party products or services on the Website that are not operated by
Us. These third party sites have separate and independent privacy policies. We have no control over, and
therefore assume no responsibility or liability for the content and activities of these linked websites. We
strongly advise You to review the privacy policy of every site you visit.

10. THIRD PARTY STORAGE

10.1. The Company and the Website may use international web hosting facilities and cloud server services which
are maintained in accordance with tight security standards.

11. TRANSFER OF PERSONAL DATA OUTSIDE SINGAPORE

12. COMPANY TRANSITIONS

12.1. The User is aware that in the event the Company goes through a transition, such as a merger, acquisition by
another organisation, or sale of all or a portion of its assets, the Users’ personal data might be among the
assets transferred as a result of the Company transition.

13. RIGHTS IN RELATION TO YOUR PERSONAL DATA

13.1. Under the PDPA, you may, by a written request to us, ascertain whether the information we hold about you is
accurate and current, and you may also access and correct your personal data . Details of such rights are set
out as follows.

13.2. The right to access: You have the right to know whether we process data about you, and if we do, to access
data we hold about you and certain information about how we use it and who we share it with.

13.3. When handling a data access or correction request, we check the identity of the requesting party to ensure
that he or she is the person legally entitled to make such request. We may charge you a reasonable fee for
our administrative costs incurred for complying with your request.

13.4. We may not provide you with certain data if another law that prevails over the PDPA or the data privacy laws
allows us not to provide you with such data, or if providing the data would reveal information about another
person, or otherwise infringe on his or her right to privacy.

Page 5 of 7
13.5. There are certain circumstances in which we will decline to comply with your request under paragraph 13.2.
These include (to the extent allowable under applicable law) situations where:

(a) a government agency in Singapore or regulator with jurisdiction over us direct us not to comply with a
customer’s request;

(b) the information may, in our discretion, affect the safety of any person or persons; and

(c) the data may be relevant to a regulator or official investigators as part of an investigation into criminal
conduct or breach of applicable laws.

13.6. The right to correction or rectification: You may request us to correct any data held about you that is
inaccurate.
13.7. Withdrawal of Consent To Use Your Personal Data: You may withdraw your consent for us to use your
personal data at any time by contacting us as directed below. We shall stop using your personal data and
ensure that the parties to whom we transferred your personal data in accordance with paragraphs 6, 7, 8, 10,
11 and 12, will comply with your request. If you only wish to stop receiving marketing or promotional
materials and information from us, please contact us as indicated below.

Additional Rights for residents of the European Union (EU)

13.8. If you are a resident in the EU, you may have the following rights under the GDPR in relation to your personal
data, that is, (i) the right to be informed about how we use the Users’ Information what is what we are doing
in this Policy; (ii) the right of data portability, (iii) the right of erasure (or deletion, which term we are using in
this Policy), (iv) the right to restrict processing, (v) the right to object, and (vi) the rights in relation to
automated decision making and profiling. These rights will be subject to ongoing obligations imposed on the
Company under any applicable laws or regulation and the Company’s legitimate and legal rights to continue
processing your information or to refuse that request. More details on these rights are set out below.

13.9. The right of data portability: You may request to receive the data we collect from you in a structured,
commonly used and machine-readable format if processing of the data had been carried out by automatic
means, and a right to request that we transfer such data to another party. The relevant subset of your data is
data you provide us with your consent and will not include any data of any other person.

13.10. If you wish for us to transfer your personal data to another party, you must give us the details we need about
that party. You acknowledge that the exercise of your rights is subject to such transfer being technically
feasible. We are not responsible for the security of the data or its processing once received by the third party.
We also may not provide you with certain data if providing the data would reveal information about another
person, or otherwise infringe on his or her right to privacy

13.11. The right of erasure or deletion: You may request that we delete the data we hold about you in the
following circumstances:

(a) our continued holding of your personal data is no longer necessary for the purposes for which such
data had been collected;

(b) having provided your consent earlier, you now wish to withdraw your consent to our processing your
data, and there is no other legal ground under which we can process the data;

(c) you do not wish to receive updates, news about promotions or marketing materials from us that have
been customised using data we have about you; or
(d) the data we hold about you have been unlawfully processed in a manner not in accordance with
applicable laws.

13.12. You may exercise your right to restrict our processing of the data while we consider your request.

13.13. Notwithstanding your requests, we may retain the data if there is a legal basis under applicable laws for us to
do so although we will notify you of such a legal basis. You agree and acknowledge that if we do delete your
data, you will be forgotten and we will not be able to provide you services that are customised to your
preferences.

Page 6 of 7
13.14. If we have made your personal data public, and there are grounds for deletion, we will take reasonable steps
to tell others to whom we had earlier transferred your data to also delete the data.

13.15. The right to restrict processing to storage: You have a right to require us to stop processing the data we
hold about you other than for storage purposes in certain circumstances. However, if we stop processing the
data, we may use it again if there are valid grounds under applicable laws for us to do so, including laws
relating to AML/CFT.

13.16. You may request we stop processing and only store the data we hold about you if:

(a) You contest the accuracy of the data, for the period it takes for us to verify whether the data is accurate;

(b) You are of the view that the processing of your data is unlawful and you only want us to restrict its use;

(c) We wish to erase the data as it is no longer necessary for our purposes but you require it to be stored for
the establishment, exercise or defence of legal claims; or

(d) You have objected to us processing the data we hold about you, pending verification whether our
legitimate grounds override yours.

13.17. The right to object: You may, at any time, object to us processing the data we hold about you for direct
marketing purposes, including where we build profiles for such purposes and we will stop processing the
data for that purpose.

13.18. The right in relation to automated decision making and profiling: You have the right not to be subject to
a decision by us based solely on automated processing, including profiling, which produces legal effects
concerning you or similarly significantly affects you unless you have given your explicit consent or unless
otherwise permitted under the GDPR.

13.19. To exercise any of your rights set out in this paragraph 13 or under the GDPR, please write to us at the email
address set out in paragraph 15 below. We will need to know the specific rights that you want to exercise,
or the reasons for your objections, so that we can assess whether there are compelling legitimate grounds
which override your interests, rights and freedoms, or so that we can determine if you have a valid basis to
restrict our processing of your data. You must also provide us with proof of identity before we will respond to
any requests to exercise your rights. We will respond to a request by you to exercise those rights without
undue delay and at least within one (1) month (although this may be extended by a further two (2) months in
certain circumstances).

14. UPDATE TO THIS POLICY

14.1. The Company reserves its right to revise, modify and update this Policy at any time, without prior notice, at
the sole discretion of the Company.

14.2. Users may check the date of the most updated version of this Policy by referring to the upper left-hand corner
of this page.
15. CONTACT AND ENQUIRIES:

Please send any questions or requests in relation to the Policy to: Email:

[email protected]

To facilitate any request in respect of your personal data, You should indicate “PDPA Request” in your email or other
communication to us.

Page 7 of 7